Currently, devise is configured to accept token authentication via URL and curl works well

curl 'http://localhost/index.json?auth_token=TOKENVALUE'

Now I'd like to pass the TOKENVALUE via HTTP header instead of URL, how can I config devise to get the TOKENVALUE from either HTTP header or URL? Such that both the above and following curl requests will work: